// vulnerability record
cached · NVD via COSMOS sync
CVE-2026-28737
HIGH
published 2026-07-03 21:16 UTC · 18 hours ago
8.7 CVSS / 10
// description
Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer.
// weaknesses (CWE)
- CWE-79